SCP (Service Control Policy)

aws/security aws/governance

💡 Definition

Service Control Policies (SCPs) are a type of organization policy that you can use to manage permissions in your organization. SCPs offer central control over the maximum available permissions for all accounts in your organization.

🔑 Key Concepts

⚙️ How it Works

  1. Define Policy: Write a JSON policy (the syntax is similar to an IAM policy).
  2. Attach: Attach it to an OU (e.g., "Production").
  3. Enforce: If the SCP says "Deny S3", no one in that OU can use S3, even if their IAM policy says "Allow S3".
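
The three steps above, as an added example (not part of the original note and not AWS's own evaluation engine): a simplified Python model of how an SCP attached to an OU combines with an IAM policy. It assumes a single OU level, ignores `Resource` and `Condition`, and uses constructed policies; `is_allowed` and `_matches` are hypothetical helper names.

```python
from fnmatch import fnmatchcase

# Constructed SCP for the "Production" OU: deny every S3 action.
DENY_S3_SCP = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "DenyS3", "Effect": "Deny", "Action": "s3:*", "Resource": "*"}
    ],
}

# Same content as the default FullAWSAccess SCP: allow everything.
FULL_AWS_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# Constructed IAM identity policy that says "Allow S3" plus EC2 reads.
IAM_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:*", "ec2:Describe*"], "Resource": "*"}
    ],
}


def _matches(policy, effect, action):
    """True if any statement with this Effect covers the action."""
    for stmt in policy["Statement"]:
        actions = stmt["Action"]
        if isinstance(actions, str):
            actions = [actions]
        # Action names are case-insensitive and may contain wildcards.
        if stmt["Effect"] == effect and any(
            fnmatchcase(action.lower(), a.lower()) for a in actions
        ):
            return True
    return False


def is_allowed(action, ou_scps, iam_policy):
    """Effective permission for a principal in an account under the OU."""
    if any(_matches(p, "Deny", action) for p in ou_scps + [iam_policy]):
        return False  # an explicit Deny in any policy wins
    # SCPs grant nothing themselves: the SCPs AND the IAM policy must allow.
    scp_allows = any(_matches(p, "Allow", action) for p in ou_scps)
    return scp_allows and _matches(iam_policy, "Allow", action)
```

The last line of `is_allowed` is the part the note's wording can hide: an SCP sets the maximum available permissions, so an action still needs an IAM Allow even when no SCP denies it.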

🎯 Use Cases

💰 Pricing Model

📝 Exam Tips (CLF-C02)


See Also: AWS Organizations, IAM